CVE Catalog

CVE-2026-53914

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

9th percentile — higher than 9% of all known CVEs

Summary

In JetBrains Kotlin before version 2.4.20, a vulnerability was found that allows code execution via unsafe deserialization in the build cache metadata.

Risk Assessment

An attacker can remotely execute arbitrary code on the build server, leading to control over the build process and potential compromise of artifact integrity.

Recommendation

Immediately update JetBrains Kotlin to version 2.4.20 or later, which includes a fix for the unsafe deserialization issue.

Original NVD description (English source)

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata

Vulnerability data from NVD (NIST) · CISA KEV · EPSS